AWS releases CJIS Workbook
As video from body and surveillance cameras, real-time gunshot notifications and a vast array of personally identifiable information and case-related data are increasingly stored in the cloud, law enforcement agencies and their partners must ensure that information is secure. More specifically, they must comply with the FBI’s Criminal Justice Information Services standards for data transmission, storage, retention, authentication and encryption of cloud email, storage and applications.
To help law enforcement agencies ensure their cloud solutions are in line with the FBI’s CJIS security policy, Amazon Web Services has created a CJIS Workbook.
The workbook is designed as a framework for developing CJIS-compliant architecture in the AWS Cloud. It includes information on defining and testing the controls operated by the user, and documents the dependence on the controls that AWS operates. Those controls cover compute, storage, database, networking, regions, availability zones and edge locations.
AWS has CJIS agreements in place with several states, including California, Colorado, Louisiana, Minnesota, Oregon, Utah and Washington.
Other cloud providers are taking similar steps. Microsoft, for example, released a white paper in July 2016 that provides guidance on the CJIS security controls applicable to Microsoft Cloud services and gives law enforcement agencies insights on where to access detailed information to assist in CJIS audits. The company recently signed agreements with Indiana and Iowa, bringing the total states using the Microsoft solution to 28, according to a company blog.
Connect with the GCN staff on Twitter @GCNtech.